SRX

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Funny/WEIRD VPN bug?

    Posted 09-19-2011 10:53

    Hi All,

     

    I have an SRX-3K cluster terminating multiple route-based VPNs into multiple VRs. I have seen a case where a tunnel will come up but no traffic will go through the tunnel. The KMD logs do not report any errors, as it seems the tunnel is up and functioning. Nothing seems to fix the issue other than doing the following:

     

    - Rename the IKE gateway and rename the IPsec VPN.

     

    After renaming, the traffic begins to flow. What's even weirder is that if you return the original names to the gateway and VPN it STILL works!!

     

    Any idea what's up here?

     

    Running 10.2R3, all VPNs going to SSG-5s.

     

    Thanks!

     

     



  • 2.  RE: Funny/WEIRD VPN bug?

    Posted 09-19-2011 12:33

    As the release notes of 11.1R1 mention:

    Have a look at this: Juniper Release Note 11.1

     

    Support for Internet Key Exchange (IKE) in multiple virtual routers—This feature is supported on all SRX Series and J Series devices.
    The remote IKE gateway address can be in any virtual routing (VR) instance. VR is determined during IKE Phase 1 and Phase 2 negotiation. VR does not have to be configured in the IKE proposals. If the IKE gateway interface is moved from one VR to another, the existing IKE Phase 1 and Phase 2 negotiations for the IKE gateway are cleared, and new Phase 1 and Phase 2 negotiations are performed.

     Configuration Guide

     

    Regards,

    NULL

     



  • 3.  RE: Funny/WEIRD VPN bug?

    Posted 09-20-2011 05:40

    Thanks NULL. All my gateways are accessed through the same VR (inet.0). Only the ST unit lives in a custom VR (ex st.1001, st.1002). Does this make a difference?



  • 4.  RE: Funny/WEIRD VPN bug?
    Best Answer

    Posted 09-20-2011 13:10

    Hi Magraw,

     

    Sorry, in a hurry I picked the wrong link :(

     

    LINK

     

    To your question: it shouldn't be a problem if you're using the right JunOS release, 11.1 onwards.

     

    Regards,

    NULL